Change to add quote using g_shell_quote in some parameter 03/110003/3 accepted/tizen/3.0/common/20170116.122518 accepted/tizen/3.0/ivi/20170114.000319 accepted/tizen/3.0/mobile/20170114.000206 accepted/tizen/3.0/tv/20170114.000248 accepted/tizen/3.0/wearable/20170114.000303 submit/tizen_3.0/20170113.111925
authorJunghyun Yeon <jungh.yeon@samsung.com>
Thu, 12 Jan 2017 11:00:59 +0000 (20:00 +0900)
committerJunghyun Yeon <jungh.yeon@samsung.com>
Fri, 13 Jan 2017 03:36:13 +0000 (12:36 +0900)
- Wrapping a parameter in double quotes does not work when the file path itself contains a double quote
- g_shell_quote() handles this case correctly

Change-Id: Ib519c4c40536b3bcc78e2287e72542b822715c84
Signed-off-by: Junghyun Yeon <jungh.yeon@samsung.com>
src/pkgmgr-server.c

index 4dd532e..cf55a28 100644 (file)
@@ -689,19 +689,28 @@ static int __process_install(struct backend_job *job)
        char *backend_cmd;
        char **argv;
        char args[MAX_PKG_ARGS_LEN];
+       gchar *req_id;
+       gchar *pkgid;
        int pid;
 
        backend_cmd = job->backend_path;
        if (backend_cmd == NULL)
                return -1;
 
-       snprintf(args, sizeof(args), "%s -k \"%s\" -i \"%s\" -u %d %s", backend_cmd,
-                       job->req_id, job->pkgid, (int)job->target_uid, job->args);
+       req_id = g_shell_quote(job->req_id);
+       pkgid = g_shell_quote(job->pkgid);
+       if (!req_id || !pkgid)
+               return -1;
+
+       snprintf(args, sizeof(args), "%s -k %s -i %s -u %d %s", backend_cmd,
+                       req_id, pkgid, (int)job->target_uid, job->args);
 
        argv = __generate_argv(args);
 
        pid = __fork_and_exec_with_args(argv, APPFW_UID);
        g_strfreev(argv);
+       g_free(req_id);
+       g_free(pkgid);
 
        return pid;
 }
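Review bot: `job->args` is still formatted with a bare `%s` at the end of the snprintf() in __process_install, so only req_id and pkgid benefit from g_shell_quote(); the __process_mount_install hunk below does the same. The string is then handed to __generate_argv(), which is not shown here but presumably re-splits it, so whitespace and quote characters inside job->args decide how many argv entries the backend receives. If job->args can carry requester-supplied text, it should be validated where it is set, or the argv vector should be built directly instead of round-tripping through a command string. At minimum a comment such as `/* job->args is appended unquoted on purpose: it must already be a validated option string */` would record the assumption.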
@@ -711,19 +720,28 @@ static int __process_mount_install(struct backend_job *job)
        char *backend_cmd;
        char **argv;
        char args[MAX_PKG_ARGS_LEN];
+       gchar *req_id;
+       gchar *pkgid;
        int pid;
 
        backend_cmd = job->backend_path;
        if (backend_cmd == NULL)
                return -1;
 
-       snprintf(args, sizeof(args), "%s -k \"%s\" -w \"%s\" -u %d %s", backend_cmd,
-                       job->req_id, job->pkgid, (int)job->target_uid, job->args);
+       req_id = g_shell_quote(job->req_id);
+       pkgid = g_shell_quote(job->pkgid);
+       if (!req_id || !pkgid)
+               return -1;
+
+       snprintf(args, sizeof(args), "%s -k %s -w %s -u %d %s", backend_cmd,
+                       req_id, pkgid, (int)job->target_uid, job->args);
 
        argv = __generate_argv(args);
 
        pid = __fork_and_exec_with_args(argv, APPFW_UID);
        g_strfreev(argv);
+       g_free(req_id);
+       g_free(pkgid);
 
        return pid;
 }
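Review bot: The return value of snprintf() in __process_mount_install is ignored, and g_shell_quote() makes req_id and pkgid longer than the raw values (it wraps them in single quotes and escapes any embedded single quote), so a long pkgid now reaches the end of `args[MAX_PKG_ARGS_LEN]` sooner than before. A truncated string may end inside a quoted argument or lose the trailing `-u %d`, and what __generate_argv() does with such input is not visible in this diff. I would keep the result in an `int n` and fail the job when `n < 0 || (size_t)n >= sizeof(args)`, freeing req_id and pkgid first. The same applies to the snprintf() calls in the __process_install and __process_reinstall hunks.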
@@ -733,19 +751,28 @@ static int __process_reinstall(struct backend_job *job)
        char *backend_cmd;
        char **argv;
        char args[MAX_PKG_ARGS_LEN];
+       gchar *req_id;
+       gchar *pkgid;
        int pid;
 
        backend_cmd = job->backend_path;
        if (backend_cmd == NULL)
                return -1;
 
-       snprintf(args, sizeof(args), "%s -k \"%s\" -r \"%s\" -u %d", backend_cmd,
-                       job->req_id, job->pkgid, (int)job->target_uid);
+       req_id = g_shell_quote(job->req_id);
+       pkgid = g_shell_quote(job->pkgid);
+       if (!req_id || !pkgid)
+               return -1;
+
+       snprintf(args, sizeof(args), "%s -k %s -r %s -u %d", backend_cmd,
+                       req_id, pkgid, (int)job->target_uid);
        argv = __generate_argv(args);
 
        pid = __fork_and_exec_with_args(argv, APPFW_UID);
 
        g_strfreev(argv);
+       g_free(req_id);
+       g_free(pkgid);
 
        return pid;
 }
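Review bot: The early `return -1` after the two g_shell_quote() calls in __process_reinstall leaks whichever string was allocated when only one of them comes back NULL (for example req_id set but job->pkgid NULL). g_free() accepts NULL, so the check can release both: `if (!req_id || !pkgid) { g_free(req_id); g_free(pkgid); return -1; }`. The __process_install and __process_mount_install hunks have the same early return. Separately, the result of __generate_argv() is passed to __fork_and_exec_with_args() unchecked; whether that helper tolerates a NULL argv is not visible here.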